First Published: January 21, 2016

Last Updated: March 5, 2025

Cisco Secure Firewall Management Center Feature Licenses

The Cisco Secure Firewall Management Center feature license type required depends on the software running on the managed device. Secure Firewall Threat Defense devices use Smart licenses, while all other devices use Classic licenses. The management center hardware does not require a license, but the Secure Firewall Management Center Virtual requires an entitlement for each device it will manage. For managed device hardware that is not running threat defense software, see the documentation for your software product.

Management Center Licensing

Table 1. License Requirements for Management Center Hardware Model or Virtual Platform
Management Center Hardware Model or Virtual Platform	License Requirements
Management Center hardware (all models)	No license is required for management center hardware. The management center can manage devices that use both Smart and Classic licenses.
Management Center Virtual (all platforms)	The management center virtual requires an entitlement for each device it will manage, whether the devices use Smart or Classic licensing. Starting in release 6.7, the management center virtual in a high-availability pair consume a license for each registered device in the configuration.

Table 2. Smart Licenses

License You Assign

Duration

Granted Capabilities

Essentials

Perpetual or Subscription

Note

Essentials subscription licenses are supported only on Threat Defense Virtual.

Except for Specific License Reservation and the Secure Firewall 3100, Essentials perpetual licenses are automatically assigned with all threat defense devices.

User and application control

Switching and routing

NAT

For details, see Essentials Licenses.

IPS

Subscription

Intrusion detection and prevention

File control

Security Intelligence filtering

For details, see IPS Licenses.

Malware defense

Subscription

Malware defense

Secure Malware Analytics

File storage

(IPS license is a prerequisite for a Malware defense license.)

For details, see Malware Defense Licenses.

Carrier

Subscription for Firepower 4100/9300, Secure Firewall 3100, and Threat Defense Virtual

Diameter, GTP/GPRS, M3UA, and SCTP inspection

For details, see Carrier License.

URL Filtering

Subscription

Category and reputation-based URL filtering

For details, see URL Filtering Licenses.

(IPS license is a prerequisite for a URL Filtering license.)

Management Center Virtual

Regular Smart Licensing— Perpetual
Specific License Reservation—Subscription

The platform license determines the number of devices the management center virtual can manage.

For details, see Management Center Virtual Licenses.

Export-Controlled Features

Perpetual

Features that are subject to national security, foreign policy, and anti-terrorism laws and regulations; see Licensing for Export-Controlled Functionality.

Remote Access VPN:

Secure Client Premier
Secure Client Advantage
Secure Client VPN Only

Subscription or perpetual

Remote access VPN configuration. Your account must allow export-controlled functionality to configure remote access VPN. You select whether you meet export requirements when you register the device. The threat defense can use any valid Secure Client license. The available features do not differ based on license type.

For more information, see Secure Client Licenses.

Required License Type (Smart or Classic) for Managed Devices

Generally, it is the software, not the hardware, that determines whether your device requires a Classic or Smart License.

Note

Some hardware supports either Classic or Smart Licenses, depending on the software running on the device. Make sure you purchase and activate the correct license type for your software.

For details, see licensing information for the software product that will run on the device.

If you activate the wrong license type, contact Cisco TAC.

Use the information below to determine whether your product requires Classic or Smart Licenses.

Table 3. Summary: Required License Type for Firepower Devices

Software

Required License Type

Threat Defense

Smart

ASA FirePOWER module

Note

The ASA runs separate software from the FirePOWER module; licensing for the ASA is not covered in this guide.

Classic

NGIPS devices

Classic

Table 4. Required License Type by Hardware or Virtual Device Model
Device Hardware Model or Virtual Platform	NGIPS Software	Threat Defense Software	ASA FirePOWER Software
Cisco NGIPS for Blue Coat X-Series	Classic	—	—
3D500, 3D1000, 3D2000 3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL) 3D9900 (EOL)	Classic	—	—
Firepower 7010, 7020, 7030, 7050 Firepower 7110, 7115 7120, 7125 AMP7150	Classic	—	—
Firepower 8120, 8130, 8140 Firepower 8250, 8260, 8270, 8290 Firepower 8350, 8360, 8370, 8390 AMP8050, AMP8150, AMP8350	Classic	—	—
NGIPSv	Classic	—	—
Threat Defense Virtual	—	Smart	—
ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X	—	Smart	Classic
ISA 3000 For supported software versions on this hardware, see the Compatibility Matrix at https://www.cisco.com/c/en/us/support/security/defense-center/products-device-support-tables-list.html.	—	Smart Versions 6.2.3 and 6.3 support Threat license only. Support for Specific License Reservation was introduced in 6.4.	Classic
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X	—	Smart	Classic
ASA 5585-X	—	—	Classic
Firepower 1010 Firepower 1100 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300	—	Smart	—
Secure Firewall 3100 Series	—	Smart	—

Licensing Instructions by Version

Use this table to find feature license instructions by version.


Software Version	Device Type	Licensing Information For
7.7	Threat Defense	The threat defense managed by the management center: The "Licenses" chapter in the Secure Firewall Management Center Administration Guide for version 7.7, at https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/770/management-center-admin-77/system-licenses.html This chapter includes information about Specific License Reservation. The threat defense managed by the device manager: The "Licensing the System" chapter in the Secure Firewall Device Manager Configuration Guide for version 7.7, at https://www.cisco.com/c/en/us/td/docs/security/firepower/770/fdm/fptd-fdm-config-guide-770/fptd-fdm-license.html
7.6	Threat Defense	The threat defense managed by the management center: The "Licenses" chapter in the Secure Firewall Management Center Administration Guide for version 7.6, at https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/760/management-center-admin-76/system-licenses.html This chapter includes information about Specific License Reservation. The threat defense managed by the device manager: The "Licensing the System" chapter in the Secure Firewall Device Manager Configuration Guide for version 7.6, at https://www.cisco.com/c/en/us/td/docs/security/firepower/760/fdm/fptd-fdm-config-guide-760/fptd-fdm-license.html
7.4	Threat Defense	The threat defense managed by the management center: The "Licenses" chapter in the Secure Firewall Management Center Administration Guide for version 7.4, at https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/740/management-center-admin-74/system-licenses.html This chapter includes information about Specific License Reservation. The threat defense managed by the device manager: The "Licensing the System" chapter in the Secure Firewall Device Manager Configuration Guide for version 7.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-license.html
7.3	Threat Defense	The threat defense managed by the management center: The "Licenses" chapter in the Secure Firewall Management Center Administration Guide for version 7.3, at https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/730/management-center-admin-73/system-licenses.html This chapter includes information about Specific License Reservation. The threat defense managed by the device manager: The "Licensing the System" chapter in the Secure Firewall Device Manager Configuration Guide for version 7.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/730/fdm/fptd-fdm-config-guide-730/fptd-fdm-license.html
7.2	Threat Defense	The FTD, managed by the management center: The "Licenses" chapter in the Secure Firewall Management Center Administration Guide for version 7.2, at https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-licenses.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Secure Firewall Device Manager Configuration Guide for version 7.2, at https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-license.html
7.1	FTD	The FTD, managed by the management center: The "Licenses" chapter in the Firepower Management Center Administration Guide for version 7.1, at https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-licenses.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 7.1, at https://www.cisco.com/c/en/us/td/docs/security/firepower/710/fdm/fptd-fdm-config-guide-710/fptd-fdm-license.html
7.0	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 7.0, at https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 7.0, at https://www.cisco.com/c/en/us/td/docs/security/firepower/70/fdm/fptd-fdm-config-guide-700/fptd-fdm-license.html
7.0	All other supported devices	Cisco ASA with FirePOWER Services and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 7.0, at https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/licensing_the_firepower_system.html Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 7.0, at https://www.cisco.com/c/en/us/td/docs/security/firepower/70/asa-fp-services/asafps-local-mgmt-config-guide-v70/licensing_the_asa_firepower_module.html
6.7	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.7, at https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.7, at https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-license.html
6.7	All other supported devices	Cisco ASA with FirePOWER Services and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.7, at https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/licensing_the_firepower_system.html Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.7, at https://www.cisco.com/c/en/us/td/docs/security/firepower/670/asa-fp-services/asafps-local-mgmt-config-guide-v67/licensing_the_asa_firepower_module.html
6.6	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.6, at https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.6, at https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-license.html
6.6	All others	Cisco ASA with FirePOWER Services and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.6, at https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/licensing_the_firepower_system.html Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.6, at https://www.cisco.com/c/en/us/td/docs/security/firepower/660/asa-fp-services/asafps-local-mgmt-config-guide-v66/licensing_the_asa_firepower_module.html
6.5	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/fdm/fptd-fdm-config-guide-650/fptd-fdm-license.html
6.5	All others	Cisco ASA with FirePOWER Services and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/licensing_the_firepower_system.html Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/asa-fp-services/asafps-local-mgmt-config-guide-v65/licensing_the_asa_firepower_module.html
6.4	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-license.html
6.4	All others	Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/licensing_the_firepower_system.html Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/asa-fp-services/asafps-local-mgmt-config-guide-v64/licensing_the_asa_firepower_module.html
6.3	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-license.html
6.3	All others	Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/asa-fp-services/asafps-local-mgmt-config-guide-v63/licensing_the_asa_firepower_module.html Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/licensing_the_firepower_system.html
6.2.3	FTD	The FTD, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/licensing_the_firepower_system.html The FTD, managed by the device manager: The "Licensing the System" chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-license.html
6.2.3	All others	Cisco ASA with FirePOWER Services, managed locally: The "Licensing the ASA FirePOWER Module" chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/asa-fp-services/asa-with-firepower-services-local-management-configuration-guide-v623/Licensing.html Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: The "Licensing the Firepower System" chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/licensing_the_firepower_system.html
6.2.2	FTD	The FTD, managed by the management center: Licensing the Firepower System The FTD, managed by the device manager: Licensing the System
6.2.2	All others	Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: Licensing the Firepower System
6.2.1	FTD	The FTD, managed by the management center: Licensing the Firepower System The FTD, managed by the device manager: Licensing the System
6.2.1	All others	—
6.2.0.x	FTD	The FTD managed by the management center: Licensing the Firepower System The FTD managed by the device manager: Licensing the System
6.2.0.x	All others	Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: Licensing the Firepower System
6.1.0.x	FTD	The FTD managed by the management center: Licensing the Firepower System The FTD managed by the device manager: Licensing the System
6.1.0.x	All others	Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: Licensing the Firepower System
6.0.1.x	FTD	The FTD managed by the management center: Licensing the Firepower System
6.0.1.x	All others	Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the management center: Licensing the Firepower System
6.0.0.x	All except FTD	Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module All other implementations: Licensing the Firepower System
5.4.x	Classic	Cisco ASA with FirePOWER Services: Licensing the ASA FirePOWER Module All other implementations: Licensing the FireSIGHT System
5.3.1.x	Classic	Licensing the FireSIGHT System

For Assistance

If you have any questions about installing or using feature licenses, contact TAC Support:

Visit the Cisco Support site at http://support.cisco.com/.
Email Cisco Support at mailto:tac@cisco.com.
Call Cisco Support at 1.408.526.7209 or 1.800.553.2447.

Cisco Secure Firewall Management Center Feature Licenses

Available Languages

Download Options

Bias-Free Language

Cisco Secure Firewall Management Center Feature Licenses

Management Center Licensing

Required License Type (Smart or Classic) for Managed Devices

Licensing Instructions by Version

For Assistance

Was this Document Helpful?

Contact Cisco

This Document Applies to These Products